Robust April Security Update Tuesday addresses 135 Common Vulnerabilities and Exposures

On Tuesday, Microsoft rolled out a comprehensive set of 135 updates impacting 19 different product families. Among these, ten critical remote code execution issues were fixed, with an additional 18 identified as having a CVSS base score of 8.0 or higher. Notably, one Important-severity elevation of privilege vulnerability affects the Windows Common Log File System driver and is being actively exploited in the wild.

Microsoft highlights that 11 CVEs are at higher risk of exploitation in the next 30 days. Some of this month’s vulnerabilities can be directly identified by Sophos protection mechanisms, details of which are presented in the table below.

Additionally, this release includes patches for sixteen important Adobe Reader vulnerabilities specific to ColdFusion. A unique aspect this month involves the inclusion of all Edge CVEs in the overall count, although those patches were mostly distributed separately from the main release.

Furthermore, following our practice, we have appended additional sections at the end of this post categorizing all Microsoft patches by severity, expected exploit timeline, CVSS Base score, and product family. There is also a dedicated section covering advisory-style updates and a breakdown of patches affecting the various supported Windows Server platforms.

Statistical Summary

  • Total CVEs: 135
  • Public disclosures: 0
  • Exploitation detected: 1
  • Severity Breakdown
    • Critical: 10
    • Important: 114
    • Low: 2
    • High / Medium / Low: 9 (CVEs associated with Edge from Chromium; refer to Appendix C for more details)
  • Types of Impact
    • Elevation of Privilege: 48
    • Remote Code Execution: 33
    • Information Disclosure: 18
    • Denial of Service: 14
    • Security Feature Bypass: 9
    • Spoofing: 4
    • Unknown: 9 (Edge-related CVEs from Chromium; see Appendix C for more information)
  • CVSS Score 9.0 or higher: 0
  • CVSS base score 8.0 or higher: 18

Chart 1: Elevation of privilege vulnerabilities account for more than a third of all April patches, while all critical items are remote code execution issues. Some of this month’s Edge updates lack complete impact details and follow a different severity scale, so they are not reflected in this chart; refer to Appendix C for details.

Products Featured

  • Windows: 89
  • 365 Suite: 15
  • Office Suite: 15
  • Edge Browser: 13
  • SharePoint: 6
  • Visual Studio: 5
  • Azure: 4
  • Excel: 3
  • Microsoft AutoUpdate (MAU) for Mac: 2
  • Word: 2
  • Access: 1
  • ASP.NET: 1
  • Dynamics 365: 1
  • OneNote: 1
  • Outlook for Android: 1
  • Power Automate for Desktop: 1
  • SQL Server: 1
  • System Center: 1
  • Visual Studio Tools for Applications (VSTA): 1

Following our convention, each CVE impacting multiple product families is included in the count for each affected family. Please note that in April, the names of CVEs may not closely align with the affected product families. In particular, certain CVEs within the Office suite might reference products not explicitly listed in the affected products section of the CVE, and vice versa.

Chart 2: Nineteen different product families receive updates in April, with some Edge-related updates not providing full impact details and following a different severity classification, thereby being designated as “unknown” in terms of impact; check Appendix C for additional information.

Key April Updates

In addition to the previously discussed vulnerabilities, there are several noteworthy points to consider.

CVE-2025-26642, CVE-2025-27745, CVE-2025-27747, CVE-2025-27748, CVE-2025-27749, CVE-2025-27750, CVE-2025-27751, CVE-2025-27752, CVE-2025-29791, CVE-2025-29816, CVE-2025-29820, CVE-2025-29822 (12 CVEs) – various Office vulnerabilities

This month, Office receives a substantial number of patches, particularly affecting users of Office LTSC for Mac 2021 and 2024. All twelve CVEs mentioned above are relevant to these versions, although the updates are not yet available; organizations should closely monitor these CVEs for update releases. Moreover, five of these twelve (CVE-2025-27745, CVE-2025-27748, CVE-2025-27749, CVE-2025-27752, CVE-2025-29791) involve the Preview Pane as a potential vector, escalating their severity from Important to Critical.

CVE-2025-26647 — Windows Kerberos Elevation of Privilege Vulnerability

This Important-severity elevation of privilege flaw appears to require the attacker to compromise a trusted Certificate Authority (CA). If the attacker is able to do so and then issue a certificate with a specific Subject Key Identifier (SKI) value, they could use that certificate to connect to the system, ultimately assuming the identity of any account. This CVE comes with recommended mitigations: updating all Windows machines and domain controllers to the patch released today, monitoring audit events to detect any machine or device that missed that update, and enabling Enforcement Mode once your environment no longer uses certificates issued by authorities not in the NTAuth store. CA compromise is, of course, a long-standing issue in the ecosystem; with Microsoft flagging this CVE as more likely to be exploited within the next 30 days, it deserves prioritization within your estate.

CVE-2025-27743 — Microsoft System Center Elevation of Privilege Vulnerability

An Important-severity elevation of privilege issue, this CVE affects a range of System Center products (Operations Manager, Service Manager, Orchestrator, Data Protection Manager, Virtual Machine Manager) and impacts customers who re-use existing System Center .exe installer files to deploy new instances in their environments. The issue stems from an untrusted search path in System Center, which an attacker with valid access and some proficiency in DLL hijacking could use to elevate their privileges. Microsoft advises affected users to delete their existing installer setup files (.exe) and then download the latest version of their System Center product (.ZIP).

CVE-2025-29809 — Windows Kerberos Security Feature Bypass Vulnerability

Another issue that may need extra attention from administrators, this Important-severity security feature bypass requires redeploying a previously applied policy. To quote Microsoft’s advice, “The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to consider the latest alterations. If you implemented this policy, then you’ll need to redeploy using the updated policy.”

Moreover, for any readers who overlooked the announcement, contrary to previous plans, Microsoft is not phasing out driver update synchronization via WSUS (Windows Server Update Services) just yet. Those still depending on the service to accomplish that task (particularly for “disconnected” devices) have a temporary reprieve for now but should continue planning to shift to the cloud-based services Microsoft now emphasizes.

A bar chart showing the distribution of patches in 2025 Patch Tuesdays release by impact, further indicated by severity

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-21204  Windows Process Activation Elevation of Privilege Vulnerability
CVE-2025-24058  Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24060  Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24062  Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24073  Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-24074  Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-26639  Windows USB Print Device Elevation of Privilege Vulnerability
CVE-2025-26640  Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-26648  Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-26649  Windows Secure Channel Elevation of Privilege Vulnerability
CVE-2025-26665  Windows upnphost.dll Elevation of Privilege Vulnerability
CVE-2025-26675  Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2025-26679  RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
CVE-2025-26681  Win32k Elevation of Privilege Vulnerability
CVE-2025-26687  Win32k Elevation of Privilege Vulnerability
CVE-2025-26688  Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-27467  Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27475  Windows Update Stack Elevation of Privilege Vulnerability
CVE-2025-27476  Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27478  Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-27483  NTFS Elevation of Privilege Vulnerability
CVE-2025-27484  Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
CVE-2025-27489  Azure Local Elevation of Privilege Vulnerability
CVE-2025-27490  Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2025-27492  Windows Secure Channel Elevation of Privilege Vulnerability
CVE-2025-27727  Windows Installer Elevation of Privilege Vulnerability
CVE-2025-27728  Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2025-27730  Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-27731  Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability
CVE-2025-27732  Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-27733  NTFS Elevation of Privilege Vulnerability
CVE-2025-27739  Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-27740  Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2025-27741  NTFS Elevation of Privilege Vulnerability
CVE-2025-27743  Microsoft System Center Elevation of Privilege Vulnerability
CVE-2025-27744  Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-29792  Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-29800  Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-29801  Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-29802  Visual Studio Elevation of Privilege Vulnerability
CVE-2025-29803  Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
CVE-2025-29804  Visual Studio Elevation of Privilege Vulnerability
CVE-2025-29810  Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2025-29811  Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2025-29812  DirectX Graphics Kernel Elevation of Privilege Vulnerability

Remote Code Execution (33 CVEs)

Critical severity 
CVE-2025-26663  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2025-26670  Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
CVE-2025-26686  Windows TCP/IP Remote Code Execution Vulnerability
CVE-2025-27480  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-27482  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-27491  Windows Hyper-V Remote Code Execution Vulnerability
CVE-2025-27745  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27748  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27749  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27752  Microsoft Excel Remote Code Execution Vulnerability
Important severity
CVE-2025-21205  Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21221  Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21222  Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-25000  Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 
CVE-2025-26642  Microsoft Office Remote Code Execution Vulnerability 
CVE-2025-26666  Windows Media Remote Code Execution Vulnerability 
CVE-2025-26668  Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 
CVE-2025-26671  Windows Remote Desktop Services Remote Code Execution Vulnerability 
CVE-2025-26674  Windows Media Remote Code Execution Vulnerability 
CVE-2025-27477  Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-27481  Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-27487  Remote Desktop Client Remote Code Execution Vulnerability 
CVE-2025-27729  Windows Shell Remote Code Execution Vulnerability 
CVE-2025-27746  Microsoft Office Remote Code Execution Vulnerability 
CVE-2025-27747  Microsoft Word Remote Code Execution Vulnerability 
CVE-2025-27750  Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-27751  Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-29791  Microsoft Excel Remote Code Execution Vulnerability 
CVE-2025-29793  Microsoft SharePoint Remote Code Execution Vulnerability 
CVE-2025-29794  Microsoft SharePoint Remote Code Execution Vulnerability 
CVE-2025-29815  Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 
CVE-2025-29820  Microsoft Word Remote Code Execution Vulnerability 
CVE-2025-29823  Microsoft Excel Remote Code Execution Vulnerability 

 

Information Disclosure (18 CVEs)

Important severity
CVE-2025-21197  Windows NTFS Information Disclosure Vulnerability
CVE-2025-21203  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-25002  Azure Local Cluster Information Disclosure Vulnerability
CVE-2025-26628  Azure Local Cluster Information Disclosure Vulnerability
CVE-2025-26664  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-26667  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-26669  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-26672  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-26676  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-27474  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-27736  Windows Power Dependency Coordinator Information Disclosure Vulnerability
CVE-2025-27738  Windows Resilient File System (ReFS) Information Disclosure Vulnerability
CVE-2025-27742  NTFS Information Disclosure Vulnerability
CVE-2025-29805  Outlook for Android Information Disclosure Vulnerability
CVE-2025-29808  Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2025-29817  Microsoft Power Automate Desktop Information Disclosure Vulnerability
CVE-2025-29819  Windows Admin Center in Azure Portal Information Disclosure Vulnerability
CVE-2025-29821  Microsoft Dynamics Business Central Information Disclosure Vulnerability

Denial of Service (14 CVEs)

Important severity
CVE-2025-21174  Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-26641  Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-26651  Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2025-26652  Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-26673  Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-26680  Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-26682  ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2025-27469  Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-27470  Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-27471  Microsoft Streaming Service Denial of Service Vulnerability
CVE-2025-27473  HTTP.sys Denial of Service Vulnerability
CVE-2025-27479  Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
CVE-2025-27485  Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-27486  Windows Standards-Based Storage Management Service Denial of Service Vulnerability

 

Security Feature Bypass (9 CVEs)

Important severity
CVE-2025-26635  Windows Hello Security Feature Bypass Vulnerability
CVE-2025-26637  BitLocker Security Feature Bypass Vulnerability
CVE-2025-26678  Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2025-27472  Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2025-27735  Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2025-27737  Windows Security Zone Mapping Security Feature Bypass Vulnerability
CVE-2025-29809  Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-29816  Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-29822  Microsoft OneNote Security Feature Bypass Vulnerability

 

Spoofing (4 CVEs)

Important severity
CVE-2025-26644  Windows Hello Spoofing Vulnerability
CVE-2025-26647  Windows Kerberos Elevation of Privilege Vulnerability
Low severity
CVE-2025-25001  Microsoft Edge for iOS Spoofing Vulnerability
CVE-2025-29796  Microsoft Edge for iOS Spoofing Vulnerability

 

 

Appendix B: Vulnerability Exploitation and CVSS 

Here is an overview of the April CVEs deemed by Microsoft to be either actively exploited or at a high risk of exploitation within the initial 30 days post-release. The listing is also sorted by CVE. 

Exploitation detected
CVE-2025-29824  Windows Common Log File System Driver Elevation of Privilege Vulnerability
Exploitation more likely within the next 30 days
CVE-2025-26663  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2025-26670  Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
CVE-2025-27472  Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2025-27480  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-27482  Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-27727  Windows Installer Elevation of Privilege Vulnerability
CVE-2025-29792  Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-29793  Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-29794  Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-29809  Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-29812  DirectX Graphics Kernel Elevation of Privilege Vulnerability

Here is a collection of CVEs from April with a CVSS Base score of 8.0 or higher as evaluated by Microsoft. The entries are categorized by score and then sorted by CVE. To learn more about the CVSS methodology, check out our guide on priority schema for patches.

CVSS Base  CVSS Temporal  CVE             Title
8.8        7.7            CVE-2025-21205  Windows Telephony Service Remote Code Execution Vulnerability
8.8        7.7            CVE-2025-21221  Windows Telephony Service Remote Code Execution Vulnerability
8.8        7.7            CVE-2025-21222  Windows Telephony Service Remote Code Execution Vulnerability
8.8        7.7            CVE-2025-25000  Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
8.8        7.7            CVE-2025-26669  Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
8.8        7.7            CVE-2025-27477  Windows Telephony Service Remote Code Execution Vulnerability
8.8        7.7            CVE-2025-27481  Windows Telephony Service Remote Code Execution Vulnerability
8.8        7.7            CVE-2025-27740  Active Directory Certificate Services Elevation of Privilege Vulnerability
8.8        7.7            CVE-2025-29794  Microsoft SharePoint Remote Code Execution Vulnerability
8.6        7.5            CVE-2025-27737  Windows Security Zone Mapping Security Feature Bypass Vulnerability
8.4        7.3            CVE-2025-26678  Windows Defender Application Control Security Feature Bypass Vulnerability
8.1        7.1            CVE-2025-26647  Windows Kerberos Elevation of Privilege Vulnerability
8.1        7.1            CVE-2025-26663  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
8.1        7.1            CVE-2025-26670  Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
8.1        7.1            CVE-2025-26671  Windows Remote Desktop Services Remote Code Execution Vulnerability
8.1        7.1            CVE-2025-27480  Windows Remote Desktop Services Remote Code Execution Vulnerability
8.1        7.1            CVE-2025-27482  Windows Remote Desktop Services Remote Code Execution Vulnerability
8.0        7.0            CVE-2025-27487  Remote Desktop Client Remote Code Execution Vulnerability

Appendix C: Affected Products

Below is a compilation of this month’s fixes categorized by product family and then sorted by severity. Each list is further sorted by CVE. Fixes that apply to multiple product families are listed multiple times, once for each family. Issues affecting Windows Server are further broken out in Appendix E.

Windows (89 CVEs)

Critical severity
CVE-2025-26663 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2025-26670 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
CVE-2025-26686 Windows TCP/IP Remote Code Execution Vulnerability
CVE-2025-27480 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-27482 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-27491 Windows Hyper-V Remote Code Execution Vulnerability
Important severity
CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-21191 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2025-21197 Windows NTFS Information Disclosure Vulnerability
CVE-2025-21203 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability
CVE-2025-21205 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21221 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-21222 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-24058 Elevation of Privilege Vulnerability in Windows DWM Core Library
CVE-2025-24060 Elevation of Privilege Vulnerability in Microsoft DWM Core Library
CVE-2025-24062 Elevation of Privilege Vulnerability in Microsoft DWM Core Library
CVE-2025-24073 Elevation of Privilege Vulnerability in Microsoft DWM Core Library
CVE-2025-24074 Elevation of Privilege Vulnerability in Microsoft DWM Core Library
CVE-2025-26635 Security Feature Bypass Vulnerability in Windows Hello
CVE-2025-26637 Security Feature Bypass Vulnerability in BitLocker
CVE-2025-26676 Windows Routing and Remote Access Service (RRAS) Exposes Information Vulnerability
CVE-2025-26678 Bypass Vulnerability in Windows Defender Application Control Security Feature
CVE-2025-26679 Privilege Escalation Vulnerability in RPC Endpoint Mapper Service
CVE-2025-26680 Denial of Service Vulnerability in Windows Standards-Based Storage Management Service
CVE-2025-26681 Privilege Escalation Vulnerability in Win32k
CVE-2025-26687 Privilege Escalation Vulnerability in Win32k
CVE-2025-26688 Elevation of Privilege Vulnerability in Microsoft Virtual Hard Disk
CVE-2025-27467 Elevation of Privilege Vulnerability in Windows Digital Media
CVE-2025-27469 Denial of Service Vulnerability in Windows Lightweight Directory Access Protocol (LDAP)
CVE-2025-27470 Denial of Service Vulnerability in Windows Standards-Based Storage Management Service
CVE-2025-27471 Denial of Service Vulnerability in Microsoft Streaming Service
CVE-2025-27472 Security Feature Bypass Vulnerability in Windows Mark of the Web
CVE-2025-27473 Denial of Service Vulnerability in HTTP.sys
CVE-2025-27474 Information Disclosure Vulnerability in Windows Routing and Remote Access Service (RRAS)
CVE-2025-27475 Elevation of Privilege Vulnerability in Windows Update Stack
CVE-2025-27476 Elevation of Privilege Vulnerability in Windows Digital Media
CVE-2025-27477 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-27478 Elevation of Privilege Vulnerability in Windows Local Security Authority (LSA)
CVE-2025-27479 Denial of Service Vulnerability in Kerberos Key Distribution Proxy Service
CVE-2025-27481 Remote Code Execution Vulnerability in Windows Telephony Service
CVE-2025-27483 Elevation of Privilege Vulnerability in NTFS
CVE-2025-27484 Elevation of Privilege Vulnerability in Windows Universal Plug and Play (UPnP) Device Host
CVE-2025-27485 Denial of Service Vulnerability in Windows Standards-Based Storage Management Service
CVE-2025-27486 Denial of Service Vulnerability in Windows Standards-Based Storage Management Service
CVE-2025-27487 Remote Code Execution Vulnerability in Remote Desktop Client
CVE-2025-27490 Elevation of Privilege Vulnerability in Windows Bluetooth Service
CVE-2025-27492 Elevation of Privilege Vulnerability in Windows Secure Channel
CVE-2025-27727 Elevation of Privilege Vulnerability in Windows Installer
CVE-2025-27728 Elevation of Privilege Vulnerability in Windows Kernel-Mode Driver
CVE-2025-27729 Remote Code Execution Vulnerability in Windows Shell
CVE-2025-27730 Elevation of Privilege Vulnerability in Windows Digital Media
CVE-2025-27731 Elevation of Privilege Vulnerability in Microsoft OpenSSH for Windows
CVE-2025-27732 Elevation of Privilege Vulnerability in Windows Graphics Component
CVE-2025-27733 Elevation of Privilege Vulnerability in NTFS
CVE-2025-27735 Security Feature Bypass Vulnerability in Windows Virtualization-Based Security (VBS)
CVE-2025-27736 Information Disclosure Vulnerability in Windows Power Dependency Coordinator
CVE-2025-27737 Security Feature Bypass Vulnerability in Windows Security Zone Mapping
CVE-2025-27738 Information Disclosure Vulnerability in Windows Resilient File System (ReFS)
CVE-2025-27739 Elevation of Privilege Vulnerability in Windows Kernel
CVE-2025-27740 Elevation of Privilege Vulnerability in Active Directory Certificate Services
CVE-2025-27741 Elevation of Privilege Vulnerability in NTFS
CVE-2025-27742 Information Disclosure Vulnerability in NTFS
CVE-2025-29808 Information Disclosure Vulnerability in Windows Cryptographic Services
CVE-2025-29809 Security Feature Bypass Vulnerability in Windows Kerberos
CVE-2025-29810 Elevation of Privilege Vulnerability in Active Directory Domain Services
CVE-2025-29811 Elevation of Privilege Vulnerability in Windows Mobile Broadband Driver
CVE-2025-29812 Elevation of Privilege Vulnerability in DirectX Graphics Kernel
CVE-2025-29824 Elevation of Privilege Vulnerability in Windows Common Log File System Driver

 

365 (15 CVEs)

Critical severity
CVE-2025-27745  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27748  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27749  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27752  Microsoft Excel Remote Code Execution Vulnerability
Important severity
CVE-2025-26642  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27746  Microsoft Office Remote Code Execution Vulnerability
CVE-2025-27747  Microsoft Word Remote Code Execution Vulnerability
CVE-2025-27750  Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-27751  Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29791  Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29792  Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-29816  Microsoft Word Security Feature Bypass Vulnerability
CVE-2025-29820  Microsoft Word Remote Code Execution Vulnerability
CVE-2025-29822  Microsoft OneNote Security Feature Bypass Vulnerability
CVE-2025-29823  Microsoft Excel Remote Code Execution Vulnerability

 

Office (15 CVEs)

Critical severity
CVE-2025-27745  Vulnerability for Remote Code Execution in Microsoft Office 
CVE-2025-27748  Vulnerability for Remote Code Execution in Microsoft Office 
CVE-2025-27749  Vulnerability for Remote Code Execution in Microsoft Office 
CVE-2025-27752  Vulnerability for Remote Code Execution in Microsoft Excel 
Important severity
CVE-2025-26642  Vulnerability for Remote Code Execution in Microsoft Office 
CVE-2025-26687  Vulnerability for Elevation of Privilege in Win32k 
CVE-2025-27744  Vulnerability for Elevation of Privilege in Microsoft Office 
CVE-2025-27746  Vulnerability for Remote Code Execution in Microsoft Office 
CVE-2025-27747  Vulnerability for Remote Code Execution in Microsoft Word 
CVE-2025-27750  Vulnerability for Remote Code Execution in Microsoft Excel 
CVE-2025-27751  Vulnerability for Remote Code Execution in Microsoft Excel 
CVE-2025-29792  Vulnerability for Elevation of Privilege in Microsoft Office 
CVE-2025-29816  Security Vulnerability for Bypassing Features in Microsoft Word 
CVE-2025-29820  Vulnerability for Remote Code Execution in Microsoft Word 
CVE-2025-29822  Security Vulnerability for Bypassing Features in Microsoft OneNote 

 

Edge (13 CVEs)

Important severity
CVE-2025-25000  Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2025-29815  Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Low severity
CVE-2025-25001  Microsoft Edge for iOS Spoofing Vulnerability
CVE-2025-29796  Microsoft Edge for iOS Spoofing Vulnerability

Chromium severity scale
High severity
CVE-2025-3066  Chromium: CVE-2025-3066 Use after free in Navigations
Medium severity
CVE-2025-3067  Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs
CVE-2025-3068  Chromium: CVE-2025-3068 Inappropriate implementation in Intents
CVE-2025-3069  Chromium: CVE-2025-3069 Inappropriate implementation in Extensions
CVE-2025-3070  Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions
Low severity
CVE-2025-3071  Chromium: CVE-2025-3071 Inappropriate implementation in Navigations
CVE-2025-3072  Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs
CVE-2025-3073  Chromium: CVE-2025-3073 Inappropriate implementation in Autofill
CVE-2025-3074  Chromium: CVE-2025-3074 Inappropriate implementation in Downloads

SharePoint (6 Weaknesses)

Significant risk
CVE-2025-26642 Microsoft Office Remote Code Execution Weakness
CVE-2025-27746 Microsoft Office Remote Code Execution Weakness
CVE-2025-27747 Microsoft Word Remote Code Execution Weakness
CVE-2025-29793 Microsoft SharePoint Remote Code Execution Weakness
CVE-2025-29794 Microsoft SharePoint Remote Code Execution Weakness
CVE-2025-29820 Microsoft Word Remote Code Execution Weakness

Visual Studio (5 Weaknesses)

Significant risk
CVE-2025-20570 Visual Studio Code Elevation of Privilege Weakness
CVE-2025-26682 ASP.NET Core and Visual Studio Denial of Service Weakness
CVE-2025-29802 Visual Studio Elevation of Privilege Weakness
CVE-2025-29804 Visual Studio Elevation of Privilege Weakness

Azure (4 Weaknesses)

Significant risk
CVE-2025-25002 Azure Local Cluster Information Disclosure Weakness
CVE-2025-26628 Azure Local Cluster Information Disclosure Weakness
CVE-2025-27489  Azure Privilege Escalation Vulnerability 
CVE-2025-29819  Azure Portal Information Disclosure Vulnerability in Windows Admin Center 

 

Excel (3 Common Vulnerabilities and Exposures) 

Critical severity 
CVE-2025-26642  Vulnerability allowing Remote Code Execution in Microsoft Office 
CVE-2025-27750  Vulnerability enabling Remote Code Execution in Microsoft Excel 
CVE-2025-27751  Vulnerability allowing Remote Code Execution in Microsoft Excel 

 

Microsoft AutoUpdater for macOS (2 Common Vulnerabilities and Exposures) 

Critical severity 
CVE-2025-29800  Elevation of Privilege Vulnerability in Microsoft AutoUpdate (MAU) 
CVE-2025-29801  Elevation of Privilege Vulnerability in Microsoft AutoUpdate (MAU) 

Word (2 Common Vulnerabilities and Exposures) 

Critical severity 
CVE-2025-27747  Vulnerability allowing Remote Code Execution in Microsoft Word 
CVE-2025-29816  Security Feature Bypass Vulnerability in Microsoft Word 

Access (1 Common Vulnerability and Exposure) 

Critical severity 
CVE-2025-26642  Vulnerability allowing Remote Code Execution in Microsoft Office 

 

ASP.NET (1 Common Vulnerability and Exposure) 

Critical severity 
CVE-2025-26682  Denial of Service Vulnerability in ASP.NET Core and Visual Studio 

 

Dynamics 365 (1 Common Vulnerability and Exposure) 

Critical severity 
CVE-2025-29821  Information Disclosure Vulnerability in Microsoft Dynamics Business Central 

 

OneNote (1 Common Vulnerability and Exposure) 

Critical severity 
CVE-2025-29822  Security Feature Bypass Vulnerability in Microsoft OneNote 

 

Outlook for Android (1 Common Vulnerability and Exposure) 

Critical severity 
CVE-2025-29805  Information Disclosure Vulnerability in Outlook for Android 

 

Power Automate Desktop (1 CVE) 

Significant criticality 
CVE-2025-29817  Microsoft Power Automate Desktop Information Exposure Vulnerability 

 

SQL Server (1 CVE) 

Significant criticality 
CVE-2025-29803  Visual Studio Tools for Applications and SQL Server Management Studio Privilege Escalation Vulnerability 

 

System Center (1 CVE) 

Significant criticality 
CVE-2025-27743  Microsoft System Center Privilege Escalation Vulnerability 

 

VSTA (1 CVE) 

Significant criticality 
CVE-2025-29803  Visual Studio Tools for Applications and SQL Server Management Studio Privilege Escalation Vulnerability 

 

Appendix D: Alerts and Alternate Products 

There are 16 Adobe alerts in this month’s release. 

CVE-2025-24446  APSB25-15  Inadequate Input Validation 
CVE-2025-24447  APSB25-15  Deserialization of Untrusted Data 
CVE-2025-30281  APSB25-15  Inadequate Access Control 
CVE-2025-30282  APSB25-15  Inadequate Authentication 
CVE-2025-30283  APSB25-15  Inadequate Input Validation 
CVE-2025-30284  APSB25-15  Deserialization of Untrusted Data 
CVE-2025-30285  APSB25-15  Deserialization of Untrusted Data 
CVE-2025-30286  APSB25-15  Inadequate Handling of Special Elements in an OS Command (‘OS Command Injection’) 
CVE-2025-30287  APSB25-15  Inadequate Authentication 
CVE-2025-30288  APSB25-15  Inadequate Access Control 
CVE-2025-30289  APSB25-15  Inadequate Handling of Special Elements in an OS Command (‘OS Command Injection’) 
CVE-2025-30290  APSB25-15  Inadequate Restriction of a Pathname to a Limited Directory (‘Path Traversal’) 
CVE-2025-30291  APSB25-15  Exposure of Information 
CVE-2025-30292  APSB25-15  Malicious JavaScript Injection (Reflected XSS)
CVE-2025-30293  APSB25-15  Inadequate Input Filtering 
CVE-2025-30294  APSB25-15  Inadequate Input Validation 

Appendix E: Impacted Windows Server editions

The table below lists the CVEs in the April release that affect nine Windows Server versions, 2008 through 2025. It distinguishes among major versions of the platform but does not go into deeper detail (e.g., Server Core). Entries marked in red indicate issues of critical severity. An “x” signifies that the CVE is not applicable to that particular version. Administrators should treat this appendix as a starting point for determining their own exposure, since each organization's situation differs, particularly for products that are out of mainstream support. For specific Knowledge Base numbers, consult Microsoft. Note that CVE-2025-27475 applies only to Windows clients and therefore appears in this table without any server versions marked.

 

2008 2008-R2 2012 2012-R2 2016 2019 2022 2022 23H2 2025
CVE-2025-21174 × × × ×
CVE-2025-21191
CVE-2025-21197            
CVE-2025-21203                   
CVE-2025-21204                   
CVE-2025-21205                   
CVE-2025-21222                   
CVE-2025-24058  ×  ×  ×  ×  ×         
CVE-2025-24060  ×  ×  ×  ×  ×         
CVE-2025-24062  ×  ×  ×  ×  ×  ×       
CVE-2025-24073  ×  ×  ×  ×           
CVE-2025-24074  ×  ×  ×  ×  ×         
CVE-2025-26635  ×  ×  ×  ×  ×        × 
CVE-2025-26637  ×  ×  ×             
CVE-2025-26640  ×  ×  ×  ×  ×    ×     
CVE-2025-26641                   
CVE-2025-26644  ×  ×  ×  ×  ×    ×  ×   
CVE-2025-26647                   
CVE-2025-26648  ×               
CVE-2025-26649  ×  ×  ×  ×  ×  ×       
CVE-2025-26651  ×  ×  ×  ×  ×  ×       
CVE-2025-26652  ×  ×  ×          ×   
CVE-2025-26663                   
CVE-2025-26664                   
CVE-2025-26665                   
CVE-2025-26666  ×  ×  ×  ×  ×         
CVE-2025-26667                   
CVE-2025-26668                   
CVE-2025-26669                   
CVE-2025-26670        ■          ■ 
CVE-2025-26671  ×                 
CVE-2025-26672                   
CVE-2025-26673                   
CVE-2025-26674  ×  ×  ×  ×  ×         
CVE-2025-26675  ×  ×  ×  ×  ×  ×       
CVE-2025-26676                   
CVE-2025-26678  ×  ×  ×  ×  ×         
CVE-2025-26679                   
CVE-2025-26680  ×  ×  ×          ×   
CVE-2025-26681  ×  ×  ×  ×  ×  ×       
CVE-2025-26686                   
CVE-2025-26687                   
CVE-2025-26688  ×  ×               
CVE-2025-27467  ×  ×  ×  ×  ×    ×     
CVE-2025-27469                   
       
CVE-2025-27471         
CVE-2025-27472       
CVE-2025-27473       
CVE-2025-27474       
CVE-2025-27475    ×  ×  ×  ×  ×  ×  ×  × 
CVE-2025-27476  ×  ×  ×  ×  ×    ×     
CVE-2025-27477                 
CVE-2025-27478                 
CVE-2025-27479 × ×        
CVE-2025-27480  ×  ×               
CVE-2025-27481                   
CVE-2025-27482  ×  ×  ×  ×           
CVE-2025-27483  ×  ×  ×        ×  ×  × 
CVE-2025-27484                  × 
CVE-2025-27485  ×  ×  ×          ×   
CVE-2025-27486  ×  ×  ×          ×   
CVE-2025-27487  ×                 
CVE-2025-27490  ×  ×  ×  ×  ×  ×       
CVE-2025-27491  ×  ×  ×  ×           
CVE-2025-27492  ×  ×  ×  ×  ×  ×       
CVE-2025-27727                   
CVE-2025-27728  ×         ×  ×  ×  × 
×
CVE-2025-27740 ×
CVE-2025-27741 ×
CVE-2025-27742 × ×
CVE-2025-27743   x  x  x  x         
CVE-2025-27740               
CVE-2025-27741            x  x 
CVE-2025-27742             
CVE-2025-29808  x  x  x  x  x  x    ×  × 
CVE-2025-29809  ×  ×  ×  ×           
CVE-2025-29810                   
CVE-2025-29811  ×  ×  ×  ×  ×  ×  ×     
CVE-2025-29812  ×  ×  ×  ×  ×  ×       
CVE-2025-29824                 

 
